Finland updates its DP law according to the GDPR

Finland finally adopted its new GDPR-style law on 13 November. The delay was partly caused by deliberations on the role of the Data Protection Ombudsman (equivalent of Privacy Commissioner) in imposing administrative fines. It was argued that to have one person decide on a very high level of sanctions did not fit in with Finland’s legislative tradition. The result was to set up a three-member board, whose chairman will be the Ombudsman, Mr Reijo Aarnio. No administrative fines can be imposed on public authorities.

Other national specifics include amendments on the right of access to public documents and setting the age-limit of consent at 13 with respect to offering information society services. There are also specific rules in the new law about processing of the Social Security Number which is paramount to the functioning of Finnish society.

The new law, which will repeal the Personal Data Act of 1999, is not yet in force. The Act on Protection of Privacy in Working Life (759/2004) will remain in force.

The new law, Tietosuojalaki, was adopted on 13 November. See (in Finnish)